Criminals are hacking the OpenMetadata flaw to mine crypto on Kubernetes
Hackers have been observed exploiting flaws in OpenMetadata workloads to install cryptocurrency miners on Kubernetes.
Cybersecurity researchers from the Microsoft Threat Intelligence team reported on a new campaign, which started in early April 2024, in which unidentified threat actors scanned the Internet looking for Internet-connected OpenMetadata workloads vulnerable to these five flaws: CVE-2024-28847, CVE-2024-28848, CVE-2024-28253, CVE-2024-28254 and CVE-2024-28255.
Once found, they exploited these flaws to deploy malware and gain a foothold on the systems. After some initial analysis and exploration of the environment, the attackers installed cryptocurrency miners on the Kubernetes workloads.
Cryptomining season
OpenMetadata is an open source framework and standard for managing metadata in an open and interoperable way across tools, technologies and platforms. Metadata is essentially data about data, providing context, description, and structure to the actual data.
Among the various cryptocurrency miners, the most notable one is called XMRig. It is a lightweight program that ‘mines’ (essentially generates) the Monero currency, also known as XMR. Monero is described as a privacy-focused coin, virtually impossible to trace, making it of particular interest to cybercriminals.
“Mining” cryptocurrency refers to performing compute-intensive operations, which can leave the computer nearly unusable for anything else, even if the device is extremely powerful. At the same time, the device consumes a huge amount of electrical energy while mining, causing the victims to incur huge electricity bills.
The attackers, meanwhile, receive disproportionately little cryptocurrency in return, so the damage inflicted on the victim far exceeds the attackers' gain.
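The two defender-side checks that follow from the campaign description above (Internet-exposed OpenMetadata workloads on an unpatched release) and from the description of XMRig (a compute-hungry miner process) can be expressed as a small triage script. This is an added example and is not code from the article, from Microsoft or from the OpenMetadata project; the container inventory format, the sample pods and the `ASSUMED_PATCHED_VERSION` value are constructed assumptions, so replace that version with the one your vendor advisory names.

```python
"""Triage a Kubernetes container inventory for (1) OpenMetadata images that are
older than the assumed patched release and (2) XMRig-style miner processes.
Added example; inventory format and sample data are constructed."""
import re
from dataclasses import dataclass

# Assumption, not taken from the article: the OpenMetadata release that the
# vendor advisory names as fixing the five CVEs. Confirm before relying on it.
ASSUMED_PATCHED_VERSION = "1.3.1"

# Strings commonly seen in miner process names / command lines: the XMRig
# binary name and the stratum mining-pool protocol scheme.
MINER_PATTERN = re.compile(r"xmrig|stratum\+tcp|monero", re.IGNORECASE)


@dataclass
class Container:
    namespace: str
    pod: str
    image: str          # e.g. "docker.io/openmetadata/server:1.2.0"
    exposed: bool       # reachable from the Internet (LoadBalancer / Ingress)
    processes: tuple    # (name, cmdline, cpu_percent) sampled over time


def parse_version(tag):
    """Return (major, minor, patch) for tags like '1.2.0' or 'v1.10.2', else None."""
    m = re.match(r"v?(\d+)\.(\d+)\.(\d+)", tag)
    return tuple(int(x) for x in m.groups()) if m else None


def vulnerable_openmetadata(containers, patched_version=ASSUMED_PATCHED_VERSION):
    """OpenMetadata containers whose image tag is below the patched release.
    Tags that cannot be parsed (e.g. 'latest') are reported too, because you
    cannot prove such a workload is patched from the inventory alone."""
    patched = parse_version(patched_version)
    hits = []
    for c in containers:
        if "openmetadata" not in c.image.lower():
            continue
        _, _, tag = c.image.rpartition(":")
        ver = parse_version(tag)
        if ver is None or ver < patched:
            hits.append((c.namespace, c.pod, c.image, c.exposed))
    return hits


def suspected_miners(containers, cpu_threshold=80.0):
    """Processes that match a miner signature (high confidence) or merely burn
    sustained CPU above the threshold (low confidence, needs a human look)."""
    hits = []
    for c in containers:
        for name, cmdline, cpu in c.processes:
            if MINER_PATTERN.search(name) or MINER_PATTERN.search(cmdline):
                hits.append((c.namespace, c.pod, name, "high"))
            elif cpu >= cpu_threshold:
                hits.append((c.namespace, c.pod, name, "low"))
    return hits


# Constructed sample inventory: one exposed, outdated OpenMetadata pod, one
# up-to-date pod, one pod running a miner, and one busy but legitimate ETL job.
SAMPLE_CONTAINERS = [
    Container("data", "openmetadata-server-0", "docker.io/openmetadata/server:1.2.0",
              True, (("java", "java -jar openmetadata.jar", 12.0),)),
    Container("data", "openmetadata-server-1", "openmetadata/server:1.3.1",
              False, (("java", "java -jar openmetadata.jar", 10.0),)),
    Container("batch", "worker-7f9", "alpine:3.19", False,
              (("xmrig", "/tmp/xmrig -o stratum+tcp://pool.example:3333", 98.5),)),
    Container("batch", "etl-2", "python:3.12", False,
              (("python", "python etl.py", 95.0),)),
]

if __name__ == "__main__":
    for hit in vulnerable_openmetadata(SAMPLE_CONTAINERS):
        print("UNPATCHED OPENMETADATA:", hit)
    for hit in suspected_miners(SAMPLE_CONTAINERS):
        print("SUSPECTED MINER:", hit)
```

Feed it the output of your own inventory collector (image tags from the pod spec, process samples from a node agent); the version check deliberately errs on the side of reporting anything it cannot prove patched, and the CPU-only finding is kept separate from the signature match so that a busy batch job is not treated as an incident on its own.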
On the other hand, a cryptominer infection is relatively easy to notice, as the affected computer slows down. However, since the crypto bull run is currently in full swing, we can expect to see more of these crypto miners emerge.
“This attack serves as a valuable reminder of why it is critical to remain compliant and run fully patched workloads in containerized environments,” the researchers said.
Via The Hacker News